It seems this great tool has been lost to internet backlog somewhere. I cannot locate it anywhere. The description of tools provided is
http://www.securityfocus.com/tools/category/112
If someone on ...

I'm aware that there are various tools for testing for XSS vulnerabilities. However, all the ones that I'm aware of (Vega, possibly BeEF, etc.) operate purely client-side. When testing for stored XSS ...

I've started trying to increase my networking security at my house. One thing that worries me (because other people in the house are always downloading viruses that come along with "free" games) are ...

I was tasked to perform as scan against a lab and Nessus returned an "Apache HTTP Server httpOnly Cookie Information Disclosure" vulnerability. What I would like to know is what these cookies contain ...

As I understand the PCI DSS 3.0/3.1 penetration testing requirements, a company is compliant with 11.3 if the penetration test does not return any high risk vulnerabilities.
However, what happens if ...

I've been playing around with a router d-link dwr-921 and found some vulnerabilities in the web interface. I still haven't managed to get shell access and now I'm thinking about modifying the firmware ...

The machine I am attacking has anti-virus installed.
I have managed to use Veil Framework in order to create an initial reverse shell payload that is undetected by the AV. However, UAC is enabled on ...

Say you are conducting a penetration test of an internal network. The internal network comprises of workstations, servers and company and contractor laptops.
In an ideal world, the penetration test ...

We have planned to give our web application to a third party vendor,what were the precautionary measures which we need to take care before giving our application to third party vendor?
As the vendor ...

I just want to know what the risks would be to that company who conduct penetration test for other companies/clients.
For example a company named "A" providing services for penetration test and that ...

I am running a trial of Cobalt Strike which runs over the Metasploit Framework. I am trying to perform an SSH related attack on my laptop, and I get the error in the title for all SSH related attacks. ...

Currently looking at getting some of our web sites pen tested but there are some many companies offering the same, and who are probably using the same tools (not to mention the same wordpress layouts) ...

Google isn't providing me with any helpful answers.
I'm running Kali Linux 64bit, with OpenVas running. I am able to run scans fine, and read results in Greenbone. However when I try to create a LSC ...

I don't know for you but I always felt like Android especially is not safe. Is somebody - the government or other - able to listen to my microphone, or access my hard drive remotely ?
I'm wondering ...

I'm a newbie but I want to become a penetration tester. I'm taking a course on cryptography but I'm wondering... how useful is crypto for penetration testing compared to other skills like operating ...

Before I begin, I say 'illegal' because I guess the law is somewhat sketchy around the topic and that topic is XSS research. Apparently people have been taken to court over it and UK law does have a ...

I have question about if MITM works across remote systems?
Often, I'm doing internal penetration test, but I'm not sure about how to do MITM attack when I am outside from that network.
Does classic ...

I recently security tested my web application using Firefox browser and while pentesting my webapplication i noticed safebrowsing.google.com,while i diged more about it ,i could able to retreive only ...

I am in penetration testing on a server with Linux RHEL6/7 os. Vulnerability databases such as http://www.cvedetails.com/ mentioned the vulnerability CVE-2014-2483 for Java in Linux RHEL systems. I ...

I'm using a debian7 VPS for hosting my websites. I have only installed webmin, apache, mysql, SSH and a wordpress website. I always update my packages and wordpress version.
What is the best (free) ...

I started to study pentesting for two months with the book named Penetration Testing - A Hands on Introduction to Hacking by Georgia Weidmann, and now I am really hungry to learn more :) . I think I ...

Which is harder? If I see 2 pentesters, one with one and one with the other who would this information alone qualify above the other? I know it doesn't work like this and it is all down to experience ...

While I do not claim to be an expert in all things security based, I'd think that I have a good grounded knowledge of what is acceptable and what is not in regards to digital security.
After giving ...